[Pkg-voip-commits] r8797 - in /asterisk/branches/squeeze/debian: changelog patches/AST-2011-002 patches/series
tzafrir at alioth.debian.org
Tue Feb 22 10:01:40 UTC 2011
Author: tzafrir
Date: Tue Feb 22 10:01:30 2011
New Revision: 8797
URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=8797
Log:
AST-2011-002: Multiple crash vulnerabilities in UDPTL code
Modified:
asterisk/branches/squeeze/debian/changelog
asterisk/branches/squeeze/debian/patches/AST-2011-002
asterisk/branches/squeeze/debian/patches/series
Modified: asterisk/branches/squeeze/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/squeeze/debian/changelog?rev=8797&op=diff
==============================================================================
--- asterisk/branches/squeeze/debian/changelog (original)
+++ asterisk/branches/squeeze/debian/changelog Tue Feb 22 10:01:30 2011
@@ -1,3 +1,9 @@
+asterisk (1:1.6.2.9-2+squeeze2) stable-security; urgency=low
+
+ * AST-2011-002: Multiple crash vulnerabilities in UDPTL code
+
+ -- Tzafrir Cohen <tzafrir at debian.org> Tue, 22 Feb 2011 11:38:42 +0200
+
asterisk (1:1.6.2.9-2+squeeze1) stable-security; urgency=high
* AST-2011-001/CVE-2011-0495: Stack buffer overflow in SIP channel driver
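Review bot: urgency=low on the new 1:1.6.2.9-2+squeeze2 entry looks inconsistent with the fix it carries. The patch header in this same commit describes stack and heap based array overflows triggered by specially crafted packets, and the previous security entry (squeeze1) used urgency=high. Suggest urgency=high here as well, and wording the changelog line to match the patch Subject ("array overflow and crash vulnerabilities") so the entry does not understate the issue.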
Modified: asterisk/branches/squeeze/debian/patches/AST-2011-002
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/squeeze/debian/patches/AST-2011-002?rev=8797&op=diff
==============================================================================
--- asterisk/branches/squeeze/debian/patches/AST-2011-002 (original)
+++ asterisk/branches/squeeze/debian/patches/AST-2011-002 Tue Feb 22 10:01:30 2011
@@ -1,9 +1,14 @@
-From b84b2ec267760225cb709a85a771cbda9c6e0bc8 Mon Sep 17 00:00:00 2001
From: Leif Madsen <lmadsen at digium.com>
Date: Mon, 21 Feb 2011 18:34:23 +0000
-Subject: [PATCH] Merge changes related to AST-2011-002 and FAX-281.
+Subject: Multiple array overflow and crash vulnerabilities in UDPTL code
+Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=308507
-Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=308507
+When decoding UDPTL packets, multiple stack and heap based arrays can be
+made to overflow by specially crafted packets. Systems doing T.38 pass
+through or termination are vulnerable.
+
+See also: http://downloads.asterisk.org/pub/security/AST-2011-002.html
+
---
main/udptl.c | 48 +++++++++++++++++++++---------------------------
1 files changed, 21 insertions(+), 27 deletions(-)
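Review bot: the rewritten Subject drops the FAX-281 reference that the upstream subject carried ("Merge changes related to AST-2011-002 and FAX-281."). If the main/udptl.c changes in this patch still include the FAX-281 part, mention it in the description so the header accounts for everything the patch changes. Keeping Origin and adding the advisory link are both useful for anyone auditing the backport later.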
Modified: asterisk/branches/squeeze/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/squeeze/debian/patches/series?rev=8797&op=diff
==============================================================================
--- asterisk/branches/squeeze/debian/patches/series (original)
+++ asterisk/branches/squeeze/debian/patches/series Tue Feb 22 10:01:30 2011
@@ -27,3 +27,4 @@
rtcp_cli_fix
AST-2011-001
+AST-2011-002
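Review bot: AST-2011-002 is only added to series here, yet the patch file is listed as Modified rather than added in this commit, so it was already in the tree without being applied. Worth confirming that nothing built from the earlier state was assumed to contain the UDPTL fix, and that the patch applies cleanly at this position after AST-2011-001.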